CVE-2017-8371Insufficiently Protected Credentials in Struxureware Data Center Expert

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 60.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Struxureware Data Center Expert
Timeline
PublishedApr 30
Latest updateMay 13

Description

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages1 packages

Patches

Patch: download.schneider-electric.comPatch: download.schneider-electric.com

🔴Vulnerability Details

2
GHSA
GHSA-q3f6-hqpp-mv3w: Schneider Electric StruxureWare Data Center Expert before 72022-05-13
CVEList
CVE-2017-8371: Schneider Electric StruxureWare Data Center Expert before 72017-04-30
CVE-2017-8371 — Insufficiently Protected Credentials | cvebase